Lecture 36 Computer Security

1
Lecture 36Computer Security

• Phillip G. Bradford
• Computer Science Department
• The University of Alabama

2
Announcements

• Click Here for a very important Announcement !
• Any students whom are interested, I will offer my
  full support!
• Please consider this!

3
Announcements

• Talk Friday
• Professor Michiel Smid
• Carleton University
• Approximating geometric bottleneck shortest
  paths
• Prof. Smid will be discussing foundations of
  theory that lead to important applications

4
Announcements

• Final Exam
• Comprehensive
• Outline
• Practice Exam

5
References

• Ian Parkinsons Article at IBM
• http//www-106.ibm.com/developerworks/java/library
  /j-customssl/?dwzonejava
• www.java.sun.com

6
Outline

• Announcements
• Final Exam Discussion
• SSL (TLS)
• Little Project

7
Objectives

• Understand how the Final will work
• Overview of JSSE
• From the Project get hands on experience with
  Java Security Code

8
Signatures

• What is a signature
• Message Digest with Public-key signature

9
TLS (SSL) and JSSE

• Transport Layer Security
• Recall our previous discussions
• JSSE Java Secure Socket Extension
• Encrypts socket data
• Foundation for HTTPS
• JSSE has an API for Secure Sockets

10
From http//java.sun.com/products/jsse/index-103
.html
11
Benefits of JSSE

• TCP and not UDP
• Foundation for higher-level systems
• Such as HTTPS
• Sockets are fundamental
• Classic Paradigm---
• Few servers and many clients

12
Benefits of JSSE

• Servers authenticate
• Clients do not have to!
• Though, they can be required to, as well
• Why is this good?
• Client side is simpler
• Via usual transactions, clients already identify
  themselves to some degree

13
JSSE Truststores

• For third-party verification of TLS Servers by
  Clients
• Certificate Authority
• Can be for clients too, if Server requires client
  certification
• A database that holds certificates
• Basically a KeyStore with certificates
• Managed by keytool
• Uses the Class KeyStore

14
JSSE Certificates

• java.security.cert.Certificate
• java.security.cert.X509Certificate
• Contents
• Certificate,
• Signature Algorithm, and
• Signature
• Name
• Serial Number
• Time-to-expire, etc.

15
JSSE Factories

• SSLSocketFactories
• javax.net.ssl.SSLSocketFactory
• Abstract
• Static function
• SocketFactory getDefault()
• createSocket
• getDefaultCipherSuites()
• getSupportedCipherSuites()

16
Project Outline

• For Friday
• Combine
• CipherTest
• SignatureTest
• CiperOutputStream and CipherTest

17
Project Outline
Generate Private Key (DES CiperTest)
Encapsulate it in a Signed Class (SignatureTest)
Exchange Private Key using the Signed Class (File
is OK)
Use Private Key to Encode CipherOutputStream and
send a file